Blog

DFARS In Depth – Part 3: Configuration Management

To continue our discussions of the security requirements of DFARS and CMMC, this week we’ll be looking at the fourth security family in NIST SP 800-171: Configuration Management.

Configuration management is a set of practices that ensures that your systems and devices are configured correctly from the start, and that any changes made to their configuration does not affect the security of your systems.

Tech Thursday: DFARS In Depth – Part 1: Access Control

Recently, we looked at the new DFARS regulation for defense contractors, called the Cybersecurity Maturity Model Certification, and what your business can do to prepare for its implementation. As we mentioned, CMMC will be largely based on NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”. So, starting this week, we will examine each of the 14 security requirement families outlined in SP 800-171, and how your business can implement their requirements successfully, even in a small network.

Tech Thursday: The Ins and Outs of IT Leadership

In the last few articles, we’ve discussed how to build an effective IT team that will help your business to grow and succeed. But your team will also need effective
leadership -- managers, directors, and executives who can chart a path for your IT department that keeps your business competitive.

Tech Thursday: How To Staff Your IT Department Strategically

In our last two articles, we covered the various roles that make up an IT department. However, a small or even mid-sized company cannot fill all of these roles immediately. So, the question comes up: As my company grows, how can I strategically fill these IT roles to best utilize the resources I have?

To answer that question, we’ll first examine how IT departments tend to grow organically, and how that can bog down your company with ineffective technical solutions.

Tech Thursday: How To Implement Your IT Policy

Last week, we talked about the importance of developing a unified IT policy, and putting that policy down in writing. With a bit of work and patience, you can make sure that other managers, department heads, and the executive team understand and support the policy decisions.